from the kangaroo-courts dept

It was evident when the "three strikes" or "graduated response" was first proposed in France back in 2009 that it was a really bad idea. After all, in its crudest form, it cuts people off from what has become a necessity for modern life -- the Internet -- simply because they are accused of copyright infringement, an area of law that is notoriously full of uncertainties. Given that inauspicious start, it's no surprise that over the years, the three strikes system has failed everywhere, with some of the early adopters either dropping it, or putting it on hold. No wonder, then, that a latecomer, Australia, is also having problems with implementing the approach, as this report from c|net makes clear:

A three strikes scheme to track down individual pirates and send them warning letters about their downloading habits has been all but quashed, after rights holders and ISPs decided that manually targeting and contacting downloaders would be too costly.

However, as in the US, where the "six strikes" scheme is also flailing, the Australian copyright industry has no intention of seizing this opportunity to move on from this punitive approach. Instead, it wants to make it worse by automating the process. Village Roadshow Co-CEO Graham Burke, who Techdirt wrote about back in 2014, is quoted as saying:

"When automation occurs, instead of costing AU$16 or AU$20 a notice [about US$12 or US$15], which is just prohibitive, it will cost cents per notice," he said. "In other words, the ISPs will have an automated system that can be done simply, as opposed to at the moment it's manual."

Of course, an automated system is likely to be plagued by false positives even more than one operated by humans. The much lower cost involved -- cents rather than dollars per letter -- means that there will be no economic incentive to check for these in order to keep the numbers down, which are likely to balloon as a result. In other words, it seems clear that the three strikes system in Australia is about to get much worse -- and it was bad to begin with.

But there is one piece of positive news to emerge from this story. The Australian copyright industry says that it is not worth pursuing alleged copyright infringement cases unless the three strikes system costs almost nothing to use. Clearly, then, the real scale of the losses caused by online piracy is nowhere near as great as companies love to claim, otherwise basic economics would push them to use even a manual system. That's yet another reason to get rid of the flawed and disproportionate graduated response.

Top cryptologists have reasonably cautioned that “new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws,” but this is not the end of the analysis. We recognize there may be risks to requiring such access, but we know there are risks to doing nothing.

Actually, it kind of is "the end of the analysis" because the core element of that analysis is the fact that any attempt to backdoor encryption doesn't just make security weaker, it puts basically everyone at much greater risk. It introduces cataclysmic problems for any system that stores information that needs to be kept secure and private.

The following sentence is equally inane, in which he tries to place the "risks" of backdooring encryption on the same plane as the risk of ISIS using encryption. Let's be clear here: the risk of backdooring encryption isn't just significantly larger than the risk of ISIS using encryption, they're not even in the same universe. Even worse, by backdooring encryption, you are almost certainly increasing the risk of ISIS as well, by giving them a massive vulnerability to attack and exploit. Trying to suggest that this is an "on the one hand, on the other hand" situation is so ridiculously ignorant, one wonders who the hell is advising Senator McCain on this topic.

The fact is that there are always some risks. Tens of thousand of people die in car accidents in the US every year, yet you don't hear Senator McCain weighing the risks of driving versus the risks of banning cars. And that's a much more reasonable position to stake out, because banning cars would actually reduce automobile deaths — but it would also cripple the economy. But here's the thing: backdooring encryption has the potential to do much more damage to the economy than banning automobiles, because it would create vulnerabilities that could really completely shut down our economy. So, for McCain to pretend that there are somewhat equal risks on either side isn't just ignorant and meaningless, it's dangerous.

Some technologists and Silicon Valley executives argue that any efforts by the government to ensure law-enforcement access to encrypted information will undermine users’ privacy and make them less secure. This position is ideologically motivated and profit-driven, though not without merit. But, by speaking in absolute terms about privacy rights, they bring the discussion to a halt, while the security threat evolves.

Honestly, this is not true. I know that Comey's favorite line these days is that using strong encryption is a "business model decision," but Silicon Valley's interest in strong encryption doesn't appear to be driven by their own bottom lines, frankly. If it was, they would have adopted it much earlier. Strong encryption actually undermines some companies' business models, in that it makes it more difficult for them to collect the data that many of them rely on. The move towards stronger encryption has mostly been the result of a few things: (1) the fact that the NSA broke into their data centers and put their legitimate users at risk, (2) a better understanding of the wider risks from malicious attackers of what happens when you have weak encryption and (3) user demands for privacy. The last one may have indirect business model benefits in that it keeps users happier, but to argue that keeping users happy is somehow a purely money-driven decision, and frame it as somehow a bad thing, is pretty damn ridiculous.

And, honestly, while there are some activists who speak in absolute terms about "privacy rights," you rarely hear that from Silicon Valley companies. In fact, those who have absolute views on privacy tend to be the most critical of Silicon Valley companies for taking a much less principled view on "privacy rights." McCain pretending that this is driven by some sort of "privacy rights" advocacy suggests he's (again) woefully misinformed on this issue.

To be clear, encryption is often a very good thing. It increases the security of our online activities, provides the confidence necessary for economic growth through the Internet, and protects our privacy by securing some of our most important personal information, such as financial data and health records. Yet as with many technological tools, terrorist organizations are using encryption with alarming success.

Actually, they're not using encryption with "alarming success." There are very, very, very, very few examples of terrorists using encryption successfully. The Paris attackers? Unencrypted SMS. San Bernardino? Unencrypted social media communication.

The jihadists' followers and adherents use encryption to hide their communications within the U.S. FBI Director James Comey recently testified that the attackers in last year's Garland, Texas, shootings exchanged more than 100 text messages with an overseas terrorist, but law enforcement is still blinded to the content of those texts because they were encrypted.

Notice that this is the only example that comes up in these discussions. That's because it's the only example. And it's not even a very good one. Because, as with most encrypted communication, the metadata was still perfectly accessible. That's why they know that the attackers exchanged messages with a terrorist. Sure, they may not be able to understand the direct contents of the message, but the same thing would have been true if the attacker and the people he communicated with had worked out a code before hand. Or, you know, if they had met and talked in person. Is McCain going to ban talking in person too?

Finally, McCain's "solution" to all of this is to make a law telling Silicon Valley to nerd harder and solve the problem... or else:

As part of this effort, Congress should consider legislation that would require U.S. telecommunications companies to adopt technological alternatives that allow them to comply with lawful requests for access to content, but that would not prescribe what those systems should look like. This would allow companies to retain flexibility to design their technologies to meet both their business needs and our national security interests.

In other words, despite the fact that all of the best cryptographers in the world have said that what you're asking for is basically impossible and would make everyone less safe, just do it anyway -- and do it in a way that when it falls apart and everyone is made more vulnerable, Congressional leaders like John McCain can spin around and blame the companies rather than themselves.

We have to encourage companies and individuals who rely on encryption to recognize that our security is threatened, not encouraged, by technologies that place vital information outside the reach of law enforcement. Developing technologies that aid terrorists like Islamic State is not only harmful to our security, but it is ultimately an unwise business model.

Does John McCain seriously not employ a single knowledgeable staffer who could point out to him that basically every encrypted technology that ISIS uses is not made by an American company? Seriously, look at the list of ISIS's preferred encryption technologies:

So who, exactly, is developing technologies that "aid terrorists like Islamic State" and need their encryption undermined?

Meanwhile, we haven't even touched on the biggest issue, as was highlighted in that big paper from Harvard last week. And it's this: the whole Going Dark thing is a total myth, because for the tiny, tiny, tiny bit of information that is now blocked out by strong encryption, there's a mountain of other data that is now accessible to law enforcement and the intelligence community. Things have been getting lighter and lighter and lighter for decades.

The price tag for the requested documents is almost absurdly high. Almost. There are some mitigating factors that might keep this request from snagging the coveted "Foilie." For one, there's a whole lot of responsive documents.

In fairness, the request is quite broad in scope, and the estimated 13,051 case files would create considerable workload.

But on the other hand, the estimate seems to have been pulled out of thin air, rather than based on any actual calculations.

But assuming that $200,000 of that fee came from photocopying (which would put the total number of pages at two million), that would put the time estimate at over 40,000 hours, or 1785 days. That's almost five years of constant work without breaks.

And while $1.4 million may be pocket change for an agency with a budget in the low billions, it's a much bigger number than MuckRock's system is built to handle. Attempting to punch this estimated total into the "Cost" field returned a "What is this? A phone number??!?" error.

Naturally, the DEA has denied MuckRock's requested fee waiver, citing a whole page worth of reasons, but really mainly because there's no way it would kick 13,000 documents loose without collecting a substantial amount from the requester. On the other hand, this sky-high fee runs counter to the intended purpose of the Freedom of Information laws: to "free information." That doesn't mean it should necessarily be "free," but it does mean that agencies are supposed to do their best to ensure the public isn't priced out of accessing information.

This request will have to be narrowed considerably if MuckRock hopes to obtain anything on this subject from the DEA. While it does have crowdfunding options, the chances of donors putting together over a million dollars seems unlikely. And the DEA itself could use some guidance on putting together fee estimates, seeing as some simple math exposes how its $1.4 million quote is completely unmoored from reality.

from the case-not-made dept

One of the many problems with the debate on mass surveillance is that it is largely driven by emotions, on both sides. Facts are few and far between -- much is secret, for obvious reasons -- which makes objective discussion hard. What is needed is some rigorous research into this area. Surprisingly, it turns out the European Union has been funding just such a project, called "Surveille," a name derived from "Surveillance: Ethical Issues, Legal Limitations, and Efficiency." Here are the project's aims:

1. To provide a comprehensive survey of the types of surveillance technology deployed in Europe.

2. To assess the benefits and costs of surveillance technology. 'Benefits' refers to the delivery of improved security; 'costs' to the economic costs, negative public perceptions, negative effects on behaviour and infringement of fundamental rights.

3. To identify, elaborate and assess the whole range of legal and ethical issues raised by the use of surveillance technology in the prevention, investigation and prosecution of terrorism and other crime -- including those related to fundamental rights.

4. To communicate continuously the results of the research to a representative sample of stakeholders: European decision-makers, law enforcement professionals, local authorities, and technology developers, and to receive feedback to inform continuing research.

Electronic mass surveillance -- including the mass trawling of both metadata and content by the US National Security Agency -- fails drastically in striking the correct balance between security and privacy that American officials and other proponents of surveillance insist they are maintaining.

We arrived at this conclusion by subjecting a wide-range of surveillance technologies to three separate assessments by three parallel expert teams representing engineers, ethicists, and lawyers. Each team conducted assessments of surveillance technologies, looking at ethical issues they raise; the legal constraints on their use – or those that should exist – on the basis of privacy and other fundamental rights; and, finally, their technical usability and cost-efficiency. This work was fed into and commented upon by two end-user panels, one consisting of law enforcement officials and the other of representatives of cities and municipalities.

The main academic paper is not at all dry; that's because it consists largely of a detailed analysis of real-life surveillance techniques of the kind frequently discussed here on Techdirt. It subjects them to assessments from very different viewpoints -- technical, ethical and legal. Interesting as these are, it's the final conclusions that are most important, because they give the lie to the oft-expressed view that mass surveillance is somehow "justified" by the results it produces:

Various kinds of Internet monitoring techniques are applied side by side with more traditional surveillance techniques. We find most of the Internet monitoring applications both ethically and legally impermissible, assessing them poorly in comparison with traditional, non-technology based surveillance methods. Furthermore, the Internet monitoring techniques compare poorly with the traditional techniques also in terms of usability.

...

Internet monitoring techniques, with the exception of targeted social networking analysis, represent an unacceptable interference with fundamental rights to privacy and data protection, the deepest ethical risks of chill and damage to trust, intrusion and discrimination, while also violating moral norms of proportionality of methods and consent of the policed. Meanwhile these high moral and legal costs reflect a mostly middling to poor usability benefit, performing worse with regard to cost, efficiency and privacy-by-design than lower tech alternatives. The case for a mass Internet monitoring system is found wanting.

A crucial point made there, so often ignored in debates about mass surveillance, is that low-tech approaches are generally better. In other words, there is no need to trade off fundamental rights for safety by spying on the entire Internet: greater security can be provided by adopting traditional, well-regulated, non-technology-based surveillance methods that do not require everyone to give up their privacy online.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

The Open Technology Institute is no stranger to the adverse side effects of the NSA's pervasive surveillance. Its own open-source mesh network project (Commotion) was accompanied by this warning, prompted by the revelations of the Snowden leaks.

Commotion

Cannot hide your identity Does not prevent monitoring of internet traffic Does not provide strong security against monitoring over the mesh Can be jammed with radio/data-interference

So, how much will the NSA leaks cost American businesses? It's tough to say. Although the OTI has done an incredible amount of research, it's difficult to pin down exact losses. Any time an American company has its bid denied by a foreign country, the NSA's actions have likely played some role. But this will very rarely be stated explicitly. This leads to a rather open-ended estimate of lost sales.

Nearly 50 percent of worldwide cloud computing revenue comes from the United States, and the domestic market more than tripled in value from 2008 to 2014. However, within weeks of the first revelation, reports began to emerge that American cloud computing companies like Dropbox and Amazon Web Services were losing business to overseas competitors. The NSA’s PRISM program is predicted to cost the cloud computing industry from $22 to $180 billion over the next three years.

Cloud services aren't the only victims of NSA overreach. Hardware manufacturers are also seeing losses. Cisco, one of the first to complain about sales losses due to NSA leaks, was also the only company to have its logo splashed all over the internet when a leaked presentation contained a photo of NSA agents opening one of its boxes from an intercepted shipment. The NSA's Tailored Access Operations (TAO) has subverted any number of companies' products and Qualcomm, Microsoft and Hewlett-Packard have all reported dropping sales, according to OTI's research.

Other direct effects are being felt as well. Germany is ending its long-running contract with Verizon and German companies are specifically excluding American businesses when seeking bids. The blowback from the NSA's spying on Brazilian president Dilma Roussef cost Boeing a $4.5 billion contract for new jet fighters. (The contract went to Saab.)

Also directly affecting US companies is a future full of increased compliance costs as countries move towards data sovereignty. This means tech companies like Facebook and Google will need to build local data centers if they wish to keep citizens in affected countries as users. The European Parliament's new data protection law could easily result in massive fines for US companies.

In March 2014, members of the European Parliament passed the Data Protection Regulation and Directive, which imposes strict limitations on the handling of EU citizens’ data. The rules, which apply to the processing of EU citizens’ data no matter where it is located, require individuals to consent to having their personal data processed, and retain the right to withdraw their consent once given. The deterrent fines are significant: violators face a maximum penalty of up to five percent of revenues, which could translate to billions of dollars for large tech companies.

Companies from outside of the tech sector are also facing downturns, thanks to the NSA's activities. The cheapest and most convenient way for companies to reach customers (and vice versa) is taking a hit as wary citizens take steps to avoid leaving as large a digital footprint.

According to an April 2014 Harris poll, nearly half of the 2000 respondents (47 percent) have changed their online behavior since the NSA leaks, paying closer attention not only to the sites they visit but also to what they say and do on the Internet. In particular, 26 percent indicated that they are now doing less online shopping and banking since learning the extent of government surveillance programs.

The most harmful indirect side effect of the NSA leaks is a move towards Balkanization of the internet, an outcome that threatens both the structural integrity of the web as well as the public itself.

Data localization proposals also threaten the functioning of the Internet, which was built on protocols that send packets over the fastest and most efficient route possible, regardless of physical location. Finally, the localization of Internet traffic may have significant ancillary impacts on privacy and human rights by making it easier for countries to engage in national surveillance, censorship, and persecution of online dissidents.

It's not just tech companies that are the collateral damage of the NSA's programs. It's also the American government itself. The entity that gave its official blessing for widespread, untargeted surveillance in the wake of the 9/11 attacks is now paying the price for its audacity. Not only did this negatively affect the US's nominal position as the "head" of the open internet, but it's also completely eroded the high ground on human rights the country held for so many years.

The damaged perception of the United States as a leader on Internet Freedom and its diminished ability to legitimately criticize other countries for censorship and surveillance allows foreign leaders to justify and even expand their own efforts. The long-term implications of destroying trust in the Internet through the hypocrisy of its greatest champion are detrimental to the interests of all democratic nations. Foreign governments and their populations are now wary not just of the United States government and companies, but of technology more generally.

It is apparent that the negative side effects of the NSA's power and reach were never considered by anyone with the power to rein it in. Now that these programs have been exposed, the damage control has backfired, relying both on "it's completely legal" (which implicates the US government and its oversight policies) and the always-vaguely-stated "terrorism threat" (which paints the agency and its supporters as disconnected fearmongerers). Now, the US is paying the price, with most of it being paid by those outside of any government.

The OTI suggests several remedies, most of which the NSA (and the administration) would likely fight every step of the way. Strengthening data protections (and extending those protections to foreign citizens) would be portrayed as allowing terrorists to escape detection and surveillance. Increased transparency is also suggested, but that hasn't been welcomed by anyone at the administration level for the past 13 years. There's no reason to believe a sea change is just over the horizon.

Also suggested is restoring trust in the NIST's encryption standards and forbidding the NSA from installing hardware and software backdoors. The former is a long shot, but doable. Restoring trust always takes much, much longer than destroying it. On the latter, there's no way the NSA will give up this surveillance tool without a (long) fight and there's hardly any reason to believe it will ever give it up completely. After all, despite all the forced transparency, it still operates mostly in the dark.

OTI also calls for the NSA to stop making internet use more dangerous than it already is.

Secret stockpiling of previously unknown flaws irresponsibly leaves users open to attack from anyone who discovers the weakness. Consistent with the Review Group’s Recommendation, the U.S. government should establish and adhere to a clear policy to disclose vulnerabilities to vendors by default, and only withhold that information in the narrowest circumstances and for the shortest period of time possible—if at all.

As has been noted, this is a worldwide problem, greatly exacerbated by a number of private security firms which stockpile vulnerabilities to sell to intelligence and law enforcement entities (while at the same time selling protection against their stockpile of undisclosed exploits to other private companies). Stopping the NSA from doing this is only a small part of the problem. Governing the actions of private companies worldwide will be a much more difficult task.

The repercussions of the NSA's programs will be felt for years. The cost to the United States' reputation is already being felt. It can't be quantified, but it is very noticeable. The final cost to American companies will undoubtedly be in the hundreds of billions. Destroyed trust takes a long time to rebuild and every day that passes without the NSA being seriously reined in (the USA Freedom Act, Dianne Feinstein's Fake Fix) just makes it longer. Lost sales are hard to quantify, but there can be no doubt this will harm the US -- on both a private and public level -- for years to come.

from the 180,000-reasons-she'll-never-see-these-records dept

With the advent of freedom of information laws came a series of guidelines meant to encourage government agencies to follow not just the letter, but the spirit of the law. There's always been a gap between the public and their public servants, and these open records laws have attempted to bridge that by giving people the power to demand transparency from government agencies. In theory, it's great. In practice, it's redactions, refusals and lawsuits.

One of the key aspects of these statutes is the limitation of fees charged by responding agencies. This is in place to prohibit agencies from discouraging requests by pricing the public out of the market. That fees should be charged at all is debatable, considering everything from the creation of the documents to the retrieval of requested information is already paid for with tax dollars. Nonetheless, agencies are warned against charging excessive fees to avoid creating a chilling effect that would inhibit further transparency.

The Florida Statutes provide a schedule for copying fees. If no fee is set forth in the statutes, section 119.07(4)(a)1 of the Florida Statutes permits agencies to charge up to 15 cents per one-sided copy for paper copies that are 14 inches by 8 ½ inches or less and an additional 5 cents for two-sided copies. Agencies can also charge one dollar for certified copies of a public record. For other copies, the charge is limited to the cost of the material and supplies used.

A few exceptions exist where agencies may charge more than 15 cents. Among these are all court records, county maps, aerial photographs, and crash and homicide reports. An agency may not charge a sales tax when providing copies of public records.

Sometimes, the nature or the volume of the public records requested will require extensive use of the agency’s information technology resources or of the clerical or supervisory personnel assigned to make copies or safeguard records. In these instances, the law allows agencies to charge a service fee for the inspection and copying of public records. All service charges for inspecting public records must be REASONABLE.

[Angel] King has fought for nearly five years to learn more about her daughter's supposed suicide in Jacksonville Beach, which she strongly believes was not a suicide at all. She's repeatedly pressed Jacksonville Beach cops, prosecutors and medical examiners for more details about what she considers the suspicious circumstances surrounding her 24-year-old daughter's death.

Last week, she finally got what she's been waiting for from the State Attorney's Office after repeated requests — an email saying her records were available, and she can have them.

One little catch: The records would cost her $178,949.48.

It appears the State Attorney's Office has a very liberal translation of the word "reasonable." There's nothing reasonable about demanding $180,000 for the release of records related to a single investigation. There's no telling how many responsive documents the attorney's office is sitting on (which it won't even begin compiling until King submits an $89,475 down payment), but it's presumably smaller than the 840 pages turned over by the DHS to Scott Ainslie of MuckRock, which charged him $0 as the cost was "below the $14 minimum."

This doesn't sound like an agency trying to recover costs. It sounds like an agency that doesn't want to make certain documents public. King has several questions about the circumstances surrounding her daughter's death, but no one wants to answer them.

The eventual ruling of suicide was based on initial reports from a botched investigation by Jacksonville Beach Police Department officers, King and private investigators who have looked into the case allege.

Boykin somehow used the gun to shoot herself in the chest, though the maneuver would have required her to hold the pistol in a manner in which she had to use her thumb to pull the trigger, according to outside forensics experts King has consulted. And Boykin's body had obviously been moved from where she died, based on the location of blood splatters, they said. King says she has found no records to indicate that detectives informed the medical examiner of that detail until well after the case was closed.

If this were simply an exception, it wouldn't be as concerning. But other government agencies in Florida are charging excessive fees for the retrieval of public records.

Barbara Petersen of the Florida First Amendment Foundation sought one week's worth of email from the governor's Communication Director. The governor's office charged her $780 and took months to respond. Other agencies Petersen contacted charged as little as $10 for two weeks of email, while also responding more quickly. The governor's office claimed the increased cost was due to many of the governor's staff using personal email to conduct state business (another cause for alarm), resulting in a $70/hr. charge being applied to search non-government accounts.

The Citizens Awareness Foundation of Florida asked for similar documents from every school district in the state (a list of law enforcement agencies that provide school resource officers and details of any settlement agreements the schools had entered into) and were given a wide variety of responses. Some turned over the documents at no cost, but others quoted prices of $700-$8,000 to fulfill the request, with the fees being demanded up front before compiling of responsive documents would begin.

Now, some of the above may not be malicious attempts to keep requesters separated from the information they're seeking. Some of these cases may just be misreading of the statutes or government employees acting on a minimum of training. But others are clearly designed to discourage the request of public records.

In King's case, the $180,000 asked only makes sense if a) there's a ton of internal communication (which would suggest a very questionable investigation) or b) the DA's office would rather not have responsive documents made public (which suggests the very same thing).

[A]ssistant state attorney Brittany O'Neil, of the office's public records division, said the estimate was based on numerous factors, including attorneys' hours for reviewing documents, clerical work to collect it, redactions to some of the documents, making copies and numerous other tasks that would be needed to meet her request.

"Numerous other tasks" is certainly vague enough. The "attorneys' hours" sounds expensive, but doesn't necessarily have to be. The same letter that explains the reasonable fees provision says the following:

A higher rate may be charged for requests that involve complex documents containing various exempt or confidential information. Usually this will involve documents that have to be reviewed by an attorney or paralegal with the knowledge necessary to make decisions with respect to potential exemptions. For example, a circuit court judge approved a rate of thirty-five dollars per hour in a case where the agency attorney had reviewed exempt material in a voluminous criminal case file.

Even 1,000 hours of agency attorney time would only add up to $35,000. It doesn't appear as though judges are willing to approve excessive hourly costs. In fact, most hourly rates are supposed to be calculated at a state employee base rate, rather than the actual hourly wage of the employee doing the work.

King has spent $2,000 so far obtaining records from the state attorney's office, and a spokesperson said they've been "responsive" to everything she's requested. King's latest is a "blanket request," seeking everything the office has on her daughter's death.

"She has put in several requests and this is the latest request," Barnard says. "She has had complete access to what she wanted. We have responded to every request — whether we could fulfill it, or if we didn't have the records, or when we needed more information from her about what records she was requesting."

This defense of its actions is actually an admission that the office is still sitting on a ton of responsive documents. If it wasn't, the response would have indicated there was nothing further to be released that hadn't already been requested. And the presence of tons of documents for a supposed open-and-shut "suicide" doesn't exactly instill confidence that the office's decision to close the case was correct.

from the not-so-much-about-how-expensive-copper-is,-but-how-cheap-wireless-is dept

At the tail end of October, we brought you the story of Verizon's attempt to subvert New York's Freedom of Information Law by releasing hundreds of fully-redacted pages. Information on costs related to the buildout, repair and support of copper lines versus the inferior (and capped) replacement (Voice Link) Verizon was pushing was being sought by consumers who felt (understandably) that the company was overstating its claims in order to abandon copper line customers.

Verizon delivered page after fully-redacted page of "info" on costs, stating that revealing these "trade secrets" would give its competition an unfair advantage. While there is undoubtedly some truth to that claim, the fact is that the company had plenty of other reasons to keep the numbers hidden -- especially if it had been overstating the amount of money it would have to spend to restore copper service to areas knocked out by Hurricane Sandy.

Last Wednesday, the New York Public Service Commission ordered Verizon to provide the public with un-redacted cost information about providing phone service on Fire Island, New York. The directive denied Verizon’s request to be exempt from disclosing cost documents…

Consumer advocates complained Verizon was simply hiding the fact they were looking to get rid of those users anyway in order to focus on more profitable wireless service, and that Sandy itself was a red herring. Verizon ultimately dropped the request amid protests and said FiOS would be run to Fire Island after all.

“The information claimed by Verizon to be trade secrets or confidential commercial information does not warrant an exception from disclosure and its request for continued protection from disclosure is denied,” it said in Monday’s ruling.

State officials wrote there “is no present or imminent contract award that could be impaired by the disclosure” and that the state Freedom of Information Law is based on a “premise that the public is vested with an inherent right to know and official secrecy is anathematic to our form of government.”

Verizon plans to appeal the decision, which means the cost data will still be locked up while that process is underway. This decision, while a win for those seeking to verify Verizon's "it costs too much" claims, could possibly be exploited by companies who may being seeking competitors' proprietary data via proxy FOI requests. The Commission will need to be wary of the unintended consequences it just set in motion.

As for Verizon's New York customers, they're still not entirely happy with Verizon's earlier capitulation, which saw the provider decide to run FIOS to Fire Island rather than force customers into a shoddy wireless service with voice and data caps. Even with FIOS, Verizon is still failing to provide reliable phone service, something they say the law requires it to provide. Unlike copper lines, FIOS may not work during power outages.

Verizon (along with AT&T) has made little secret of its desire to ditch copper lines and move its customers towards higher margin wireless services. If Verizon is ultimately forced to turn over cost data to the public, it could make for some very interesting reading.

from the of-course,-there's-no-accounting-for-classified-funds dept

The surveillance dragnet in the US is undeniably large. As such, lots of money (your money) goes into financing the collection of "relevant" data (your data). We've already seen the generous $100 million surveillance "grant" handed out to telcos in exchange for their "voluntary" cooperation.

AT&T, for example, imposes a $325 "activation fee" for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Rep. Edward Markey, D-Mass.

These fees are rather low when it comes to government expenditures, but this solely covers the less popular method of obtaining information -- old school, targeted wiretaps. Email records are also obtained very cheaply ($25 or less). Part of this surprisingly low cost is automation. In many cases, what the government is requesting is already automatically generated. Another factor is mitigation of the costs of compliance to the company itself.

Online companies in particular tend to undercharge because they don't have established accounting systems, and hiring staff to track costs is more expensive than not charging the government at all, he said.

Possibly the greatest factor in keeping the prices low is the oft-maligned court of public opinion. Most of the involved companies would rather not appear to be profiting from selling customer data to the government. That's probably a smart idea, but civil liberties defenders agree that these companies should be charging something, rather than handing out info for free.

"What we don't want is surveillance to become a profit center," said Christopher Soghoian, the ACLU's principal technologist. But "it's always better to charge $1. It creates friction, and it creates transparency" because it generates a paper trail that can be tracked.

The individual prices may seem nickel-and-dime, but the government generates enough business for this to turn into real money. AT&T claims to have 100 staffers working around the clock to satisfy government data requests. Verizon claims to have 70. $100 million has already been sent their way, and both companies are extremely unlikely to simply eat these expenses.

Even regular wiretaps can generate significant costs.

The average wiretap is estimated to cost $50,000, a figure that includes reimbursements as well as other operational costs. One narcotics case in New York in 2011 cost the government $2.9 million alone.

The costs associated with the FBI's and NSA's large scale surveillance efforts is likely to remain hidden. The FBI claims it's not possible to estimate its outlays as the payments run through a "variety of programs, field offices and case funds."

Anything about the size of NSA's payments to cooperating companies is genuinely impossible to nail down. (At least without a leak...) Its annual budget is classified. All that's known for certain is 15 intelligence agencies share a $75 billion annual budget and estimates place the NSA's share at $10-15 billion.

There's little chance the details of this budget will ever be publicized, which means the public is again asked to trust the "oversight" of those who have access. It's safe to say a large shadow industry has developed over the past 15 years, one that goes beyond simple transactions between intelligence agencies and involved services.

There's also a large number of private security firms being employed by these agencies, many of which have ensured future profitability by setting up shop as close to the Beltway as possible. That's the larger concern: a set of corporations almost totally funded with public money assisting in the capture, analysis and storage of the public's data.

from the caps-and-pap dept

As we just recently discussed, broadband providers appear to finally be willing to give up their pretend need for data caps due to the pretend costs of delivering service. The story they told essentially was that, without data caps, congestion would clog the interwebz tubes and that laying bigger tubes was way too costly. Perhaps noteably, this rarely resulted in actual hard caps on data, but rather provided a convenient excuse to charge more for more data service, regardless of the effect or cost of delivering that service.

Verizon (VZ) posted a pretty impressive holiday quarter (one-time charges aside) with a good outlook on Tuesday, and the company’s share price rose as a result. There were also plenty of interesting takeaways from the carrier’s earnings call, but The New York Times’ Brian X. Chen zeroed in on one item of particular interest. Verizon launched new “Share Everything” plans last summer that make smartphone data more expensive for many users. The best thing about these plans for investors — and, not coincidentally, the worst thing about the plans for subscribers — is that Verizon is now making more money off of smartphone data as costs associated with transmitted that data are falling.

It really doesn't get much simpler than that. The 4G LTE network is efficient to the point that delivering the service costs less than the 3G network, yet the price to consumers is going up. To be clear, the problem here isn't that Verizon is making money. Rather, the problem is that this comes from the same company that built a business model around low caps and high overage costs while also claiming that caps were the sign of a "competitive market." For those of you playing along at home, it's precisely because of a lack of competition that Verizon can at once have its costs drop while raising prices on its services. Were there more competition, someone new would compete on price or value of service. As it stands, Verizon can use their faster service and low caps to further the aforementioned business model.

As an added bonus, Chen noted that Verizon’s faster data networks also cause users to eat through their data allowances more quickly. This eventually prompts them to buy more expensive plans with higher data caps, which of course net Verizon even more cash.

As a Verizon customer myself, these kinds of signs that there isn't enough competition for my dollar are quite frustrating. On top of that, the model is specifically designed to provide a great service and then drop a bunch of obstacles in its path... it's maddening.

from the think-outside-the-box dept

A bunch of folks have been sending over Business Insider's coverage of a Goldman Sachs Report concerning Google Fiber, and how much it would cost to roll it out nationwide. The estimate from BI, which is what lots of people are quoting, is that it would cost $140 billion. From the quote presented in the article, it's not clear if the Goldman Sachs report actually uses that number of not. The only number actually quoted is that it would cost about $70 billion to cover less than half, so I don't know if the BI reporter is just extrapolating in a manner that seems ridiculous (if covering half the country is $70 billion, that does not mean covering the other half is also $70 billion -- it doesn't work that way):

Building out the infrastructure will be expensive. In his September 17 report Still Bullish on Cable, although not blind to the risks, Goldman Sachs Telco analyst Jason Armstrong noted that if Google devoted 25% of its $4.5bn annual capex to this project, it could equip 830K homes per year, or 0.7% of US households. As such, even a 50mn household build out, which would represent less than half of all US homes, could cost as much as $70bn. We note that Jason Armstrong estimates Verizon has spent roughly $15bn to date building out its FiOS fiber network covering an area of approximately 17mn homes.

Of course, even if we accept this number to be true -- even though that seems unlikely to be the case -- it seems to miss the point. Google has been pretty clear all along that the goal of the Google Fiber project was not to turn Google into a national broadband competitor, but to drive others to really up their game by showing what's possible: super cheap, super fast broadband with friendly customer service.

And, while Google shied away from its initial promise to have its network open for other services to compete, it still seems like that might be a better way to offer such a broadband. That is, rather than dumping the expense entirely on one company, imagine if it were split up among a bunch of companies (or even individuals), with a promise of openness and competition at the service level, rather than at the infrastructure level. In effect, this is what is happening down in Australia, via government fiat, in which it's building out a national fiber network, with plans to have it open for competition at the service level. That way, the costs of the infrastructure are spread out, but it opens up massive new opportunities for service providers if they provide good service.

The problem -- and the reason such a thing is unlikely to move forward -- is, once again, this insistence by companies that there's more value in owning the pipe entirely, and keeping it locked up and scarce, even if it means less overall efficiency and less overall opportunity. A long term view would recognize that investing in the best network possible, but sharing those costs, and then letting the real competition happen at the service level, would benefit everyone. Instead, we end up with fighting over slow, limited and fragmented networks. It's too bad.